PHP Pdo_sql_parser.re 'PDO' Extension DoS Vulnerability (Windows) Network Vulnerability

Summary

This host is installed with PHP and is prone denial of service vulnerability.

Impact

Successful exploitation could allow remote attackers to cause a denial of service condition. Impact Level: Application

Solution

Upgrade to PHP Version 5.3.14 or 5.4.4 or later, For updates refer to http://php.net/downloads.php

Insight

The flaw is due to an error in the PDO extension in pdo_sql_parser.re file, which fails to determine the end of the query string during parsing of prepared statements.

Affected

PHP version before 5.3.14 and 5.4.x before 5.4.4 on Windows

References

http://seclists.org/bugtraq/2012/Jun/60
http://www.php.net/ChangeLog-5.php
https://bugs.php.net/bug.php?id=61755
https://bugzilla.novell.com/show_bug.cgi?id=769785

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-3450

CVSS	Base Score: 2.6 AV:N/AC:H/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Apache 'mod_proxy_ftp' Module Denial Of Service Vulnerability (Linux)
Oracle VM VirtualBox Unspecified Denial of Service Vulnerability (Windows)
Trend Micro OfficeScan Client Denial Of Service Vulnerability
Firefox Browser designMode Null Pointer Dereference DoS Vulnerability - Win
Squid Proxy Cache ICAP Adaptation Denial of Service Vulnerability

PHP pdo_sql_parser.re 'PDO' extension DoS vulnerability (Windows)

Take action and discover your vulnerabilities